Summary: A supply chain attack on South Korean VPN provider IPany by the PlushDaemon hacking group resulted in the deployment of the SlowStepper malware through a compromised VPN installer. The attack affected multiple companies, including a semiconductor firm, with signs of infection dating back to November 2023. ESET researchers highlighted the stealthy nature of the malware and its extensive espionage capabilities.
Threat Actor: PlushDaemon
Victim: IPany
Key points:
- The attackers compromised IPany’s development platform to insert the SlowStepper backdoor into the VPN installer.
- Infected users unknowingly installed the malicious software alongside the legitimate VPN product.
- SlowStepper is capable of extensive data collection and espionage, including keylogging and webcam access.